Skip Menu |
 

This queue is for tickets about the Clipboard CPAN distribution.

Report information
The Basics
Id: 98435
Status: open
Priority: 0/
Queue: Clipboard

People
Owner: ether [...] cpan.org
Requestors: carnil [...] debian.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)



Subject: clipedit: Insecurely uses temporary files
Date: Fri, 29 Aug 2014 18:30:24 +0200
To: bug-Clipboard [...] rt.cpan.org
From: Salvatore Bonaccorso <carnil [...] debian.org>
Download (untitled) / with headers
text/plain 791b
Hi While reviewing Clipboard for beeing packaged for Debian I noticed that script/clipedit uses temporary files insecurely by using the pid of the process in the temporary file name. [...] 7 my $tmpfilename = "/tmp/clipedit$$"; 8 open my $tmpfile, ">$tmpfilename" or die "Failure to open $tmpfilename: $!"; 9 print $tmpfile $orig; 10 close $tmpfile; [...] 13 system($ed, $tmpfilename); 14 15 open $tmpfile, $tmpfilename or die "Failure to open $tmpfilename: $!"; 16 my $edited = join '', <$tmpfile>; [...] 49 unlink($tmpfilename) or die "Couldn't remove $tmpfilename: $!"; Please use File::Temp to create the temporary file securely. See also [1] for more details. [1] http://kurt.seifried.org/2012/03/14/creating-temporary-files-securely/ Regards, Salvatore
Download (untitled) / with headers
text/plain 199b
Hi, FTR, CVE-2014-5509 was assigned for this issue[1]; Could you reference it in the Changes when fixing this issue? [1] http://www.openwall.com/lists/oss-security/2014/08/30/2 Regards, Salvatore
Download (untitled) / with headers
text/plain 248b
Hi, this module is used by App-Nopaste, which is in the Task::Kensho mega-distribution. Is it possible that this bug will be addressed soon? I am also willing to take on comaintenance of the module and fix/release it myself - my PAUSE id is ETHER.
Here's a patch which uses FIle::Temp instead. Cheers, gregor
Subject: insecure-tempfile.patch
Description: Fix insecure use of temporary files. This is CVE-2014-5509. Origin: vendor Bug: https://rt.cpan.org/Public/Bug/Display.html?id=98435 Author: gregor herrmann <gregoa@debian.org> Last-Update: 2016-08-13 --- a/scripts/clipedit +++ b/scripts/clipedit @@ -1,10 +1,11 @@ #!/usr/bin/perl use strict; use Clipboard; +use File::Temp qw( tempfile ); my $orig = Clipboard->paste; -my $tmpfilename = "/tmp/clipedit$$"; +my ($tmpfile, $tmpfilename) = tempfile(); open my $tmpfile, ">$tmpfilename" or die "Failure to open $tmpfilename: $!"; print $tmpfile $orig; close $tmpfile;


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.